Exploitation of Triofox Vulnerability CVE-2025-12480 by UNC6485 Threat Group

Exploitation of Triofox Vulnerability CVE-2025-12480 by UNC6485 Threat Group

First seen 2 Dec 2025, 18:33 UTC MandiantCybersecuritynewsInfosecurity-MagazineBleepingcomputerWiz 83% similarity 21.4

Article Content

Browse articles
ThreatCluster

Hackers have exploited a critical unauthenticated access vulnerability (CVE-2025-12480) in Gladinet's Triofox file-sharing platform, allowing them to gain unauthorized administrative access and execute remote code. The vulnerability, affecting versions prior to 16.7.10368.56560, was actively exploited by the threat cluster UNC6485, which has been weaponizing this flaw since August 2025. Security researchers discovered the issue and reported it on November 10, 2025.

ThreatCluster AI

Community

Browse all →